Author Topic: How do I write directly to the flash memory on an Nspire?  (Read 7347 times)

0 Members and 2 Guests are viewing this topic.

Offline fb39ca4

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1749
  • Rating: +60/-3
    • View Profile
How do I write directly to the flash memory on an Nspire?
« on: August 17, 2011, 02:25:53 pm »
I want to put random garbage at flash page 0x0020, (for the purpose of corrupting boot2  >:D) how do I accomplish this? Also, is overwriting the boot2 supported in the emulator? (for the purpose of testing to make sure I overwrite the right thing)
« Last Edit: August 17, 2011, 02:27:36 pm by t0xic_kitt3n »

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #1 on: August 17, 2011, 03:51:13 pm »
There aren't any syscalls for flash writing, but there are OS functions for this.
I have written a diags software writer a while ago but it was quite unstable, I'm not sure why. That's why the functions aren't exported.
You may also have a look at nspire_emu's source code to understand low-level interactions with the flash chip.

I think you need to emulate on an OS with a boot1 for nspire_emu to take into account a boot2 update.
Ndless.me with the finest TI-Nspire programs

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #2 on: August 17, 2011, 04:31:17 pm »
You may also have a look at nspire_emu's source code to understand low-level interactions with the flash chip.
That code is not based on any documentation or testing at all; it's just the bare minimum of accuracy to make TI's OS work. If you're not doing things exactly as the OS does, then emulation and reality will very likely differ.
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline Awesomeness

  • LV1 Newcomer (Next: 20)
  • *
  • Posts: 15
  • Rating: +0/-0
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #3 on: September 15, 2011, 06:53:14 am »
What is boot2? I apologize in advance for my ignorance. :P
« Last Edit: September 15, 2011, 06:53:38 am by Awesomeness »

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #4 on: September 15, 2011, 07:06:26 am »
boot2 is a software module which loads the operating system. It is itself loaded by boot1.
Ndless.me with the finest TI-Nspire programs

Offline bsl

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 157
  • Rating: +14/-0
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #5 on: September 15, 2011, 10:20:25 am »
I have two programs that work on the emulator but not on hardware Boot2Writer
and DiagsWriter. You can also directly edit the emulator flash file to install these, with a
small C or python program. I used the same method to install Ndless 1.1 on the emulator.

I would not release a working version of Boot2Writer because it can brick the calculator.
 You would need an RS232-USB module to recover from this, and most users don't have this.

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #6 on: September 15, 2011, 10:22:03 am »
I have two programs that work on the emulator but not on hardware Boot2Writer
and DiagsWriter.

This was the behavior I had with my own experiments, I never could figure out why.
Ndless.me with the finest TI-Nspire programs

Offline bsl

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 157
  • Rating: +14/-0
    • View Profile
Re: How do I write directly to the flash memory on an Nspire?
« Reply #7 on: September 15, 2011, 10:28:19 am »
I am trying to figure that out now.
I think you have to call flash_erase_range() first before writing to the range.
Also I am calling write_nand() the same way boot1 does when it flashes a diags or boot2 through RS232.